Professor Messer, SY0-601, Practice Exam B 1 Warning, this test is will automatically terminate and the end of 90 minutes, in order to simulate the actual amount of time given on the CompTia test. Thank you for your participation. Your test is being scored and will be available shortly. SY0-601 - Security+ - Exam B 1 / 85 A Linux administrator has received a ticket complaining of response issues with a database server. After connecting to the server, the administrator views this information: Filesystem Size Used Avail Use% Mounted on /dev/xvda1 158G 158G 0 100% / Which of the following would BEST describe this information? Buffer overflow Race condition Resource exhaustion SQL injectin 2 / 85 A user in the accounting department has received an email from the CEO requesting payment for a recently purchased tablet. However, there doesn't appear to be a purchase order associated with this request. Which of the following would be the MOST likely attack associated with this email? Credential harvesting Invoice scam Watering hole attack Spear phishing 3 / 85 A system administrator would like to segment the network to give the marketing, accounting, and manufacturing departments their own private network. The network communication between departments would be restricted for additional security. Which of the following should be configured on this network? VPN RBAC NAT VLAN 4 / 85 A company has rolled out a new application that requires the use of a hardware-based token generator. Which of the following would be the BEST description of this access feature? something you do something you have something you know something you are 5 / 85 A new malware variant takes advantage of a vulnerability in a popular email client. Once installed, the malware forwards all email attachments containing credit card information to an external email address. Which of the following would limit the scope of this attack? Enable MFA on the email client Require users to enable the VPN when using email Update the list of malicious URLs in the firewall. Scan outgoing traffic with DLP (data loss prevention) 6 / 85 Sam, a security administrator, is configuring the authentication process used by technicians when logging into a router. Instead of using accounts that are local to the router, Sam would like to pass all login requests to a centralized database. Which of the following would be the BEST way to implement this requirement? IPsec PAP RADIUS MS-CHAP 7 / 85 a third-party vulnerability scan reports that a company's web server software version is susceptible to a memory leak vulnerability. Which of the following would be the expected result if this vulnerability was exploited? Rootkit installation Data Theft DDoS Unauthorized system access 8 / 85 A security administrator attends an annual industry convention with other security professionals from around the world. Which of the following attacks would be MOST likely in this situation? Impersonatin Smishing Watering hole Supply chain 9 / 85 A financial services company is headquartered in an area with a high occurrence of tropical storms and hurricanes. Which of the following would be MOST important when restoring services disabled by a storm? Disaster recovery plan Stakeholder management Retention plan Communication plan 10 / 85 A government transport service has installed access points that support WPA3. Which of the following technologies would provide enhance security for PSK while WPA3? SAE WPS 802.1x WEP 11 / 85 A user in the mail room has reported an overall slowdown of his shipping management software. An anti-virus scan did not identify any issues, but a more thorough malware scan identified a kernal driver that was not part of the the original operating system installation. Which of the following malware was installed on this system? Rootkit Ransonware Keylogger Bot RAT 12 / 85 A security administrator has identified a DoS attack against the company's web server from an IPv4 address on the Internet. Which of the following security tools would provide additional details about the attacker's location? (Select TWO) tracert ipconfig dig netcat ping arp 13 / 85 A manufacturing company makes radar used by commercial and military organizations. A recently proposed policy change would allow the use of mobile devices inside the facility. Which of the following would be the MOST significant security issue associated with this change in policy? Out of date mobile operating systems Unauthorized software on rooted devices Photo and video use Remote access clients on the mobile devices 14 / 85 A security administrator has performed an audit of the organization's production web servers, and the results have identified banner information leakage, web services running from privileged account, and inconsistencies with SSL certificates. Which of the following would be the BEST way to resolve these issues? Enable HTTPS Run operating system updates Multi-factor authentication Server hardening 15 / 85 Which of the following would be the best way to describe the estimated number of laptops that might be stolen in a fiscal year? MTTR (Mean time to Repair) ALE (Annual Loss Expectancy) ARO (Annualized Rate of Occurrence) SLE (Single Loss Expectancy) 16 / 85 In the past, an organization has relied on the curated Apple App Store to avoid issues associated with malware and insecure applications. However, the IT department has discovered an iPhone in the shipping department that includes applications that are not available on the Apple App Store. how did the shipping department user install these apps on their mobile device? Tethering MMS Install Sideloading OTA updates 17 / 85 Which of the following would be the MOST likely result of plaintext application communication? Replay attack Directory traversal Resource exhaustion Buffer overflow 18 / 85 A security administrator is researching an issue with conference room users at a remote site. When connected to the wireless network, users receive an IP address that is not part of the corporate addressing scheme. Communication over this network also appears to have slower performance than the wireless connections elsewhere in the building. Which of the following would be the MOST likely reason for these issues? DDoS MAC flooding rogue access point Domain hijack 19 / 85 A security engineer is preparing to conduct a penetration test. Part of the preparation involves reading through social media posts for information about a third-party website. Which of the following descirbes this practice? Exfiltration Active footprinting Partially known environment OSINT 20 / 85 An organization has identified a security breach and has removed the affected servers from the network. Which of the following is the NEXT step in the IR process? Preparation Eradication Containment Identification Recovery 21 / 85 The network design of an online women's apparel company includes a primary data center in the United States and secondary data centers in London and Tokyo. Customers place orders online via HTTPS to servers at the closets data center, and these orders and customer profiles are then centrally stored in the United States data center. The connections between all data centers are Internet links with IPsec tunnels. Fulfillment requests are sent from the United States data center to shipping locations in the customer's country. Which of the follwong shoud be the CIO's MOST significant security concern with this existing network design? customer information is transferred between countries The data center are located geographically distant from each other Fulfillment requests are shipped within the customer's country IPsec connects data centers over public Internet links 22 / 85 An attacker has created amhy social media accounts and is posting information in an attempt to get the attention of the media. Which of the following would BEST describe this attack? on-path Watering hole Influence campaign Phishing 23 / 85 A security administrator has identified the installation of a RAT on a database server and has quarantined the system. Which of the following should be followed to ensure that the integrity of the evidence is maintained? Legal Hold Chain of custody Non-repudiation Perfect forward secrecy 24 / 85 A company is launching a new internal application that will not start until a username and password is entered and a smart card is plugged into the computer. Which of the following BEST decribes this process? Authorization Federation Accounting Authentication 25 / 85 Which of the following would be the BEST option for application testing in an environment that is completely separated from the production network? Air Gap Cloud Computing VLANs Virtualization 26 / 85 A shipping company stores information in small regional warehouses around the country. The company keeps an IPS online at each warehouse to watch for suspicious traffic patterns. Which of the following would BEST describe the security control used at the warehouse? Managerial Compensating Physical Detective 27 / 85 Daniel, a system administrator, believes that certain configuration files on a Linux server have been modified from their original state. Daniel has reverted the configurations to their original state, but he would like to be notified if they are changed again. Which of the following would be the BEST way to provide this functionality? Application allow list HIPS File integrity check WAF 28 / 85 Jack, a security administrator, has been tasked with hardening all of the internal web servers to prevent on-path attacks and to protect the application traffic from protocol analysis. These requirements should be implemented without changing the configuration on the client systems. Which of the following should Jack include in his project plan? Create a web server certificate and sign it with internal CA Add DNSSEC records on the internal DNS servers Use IPsec for client connections Require FTPS for all transfers Use HTTPS over port 443 for all server communication 29 / 85 A security administrator is designing a storage array that would maintain an exact replica of all data without striping. The array needs to operate normally if a single drive was to fail. Which of the following would be the BEST choice for this storage system? RAID 5 RAID 0 RAID10 RAID 1 30 / 85 An IPS report shows a series of exploit attempts were made against externally facing web server. The system administrator of the web servers has identified a number of unusual log entries on each system. Create a plan for removing malware from the web servers Disconnect the web servers from the network Disable any breached user accounts check the IPS logs for any other potential attacks 31 / 85 A security administrator would like to create an access control where each file or folder is assigned a security clearance lever, such as 'confidential' or 'secret'. The security administrator would then assign a maximum security level to each user. What type of access control would be used in this network. Discretionary Rule-based role-based Mandatory 32 / 85 A recent audit has determine that many IT department accounts have been granted Administrator access. The audit recommends replacing these permissions with limited access rights. Which of the following would BEST describe this policy? Offboarding Discretionary Access Control Least privilege Separation of duties 33 / 85 A security administrator has found a keylogger installed alongside an update of accounting software. Which of the followin would prevent the transmission of the collected logs? Scan all incoming email attachments at the email gateway Insall host-based anti-virus software Block all unknown outbound network traffic at the Internet firewall Prevent the installation of all software 34 / 85 A user in the accounting department would like to send a spreadsheet with sensitive information to a list of third-party vendors. Which of the following could be used to transfer this spreadsheet to the vendors? DNSSEC SNMPv3 FTPS SRTP 35 / 85 jack, a hacker, has identified a number of devices on a corporate network that use the username of 'admin' and the password of 'admin'. Which vulnerability describes this situation? default configuration weak cipher suite NULL pointer dereference improper error handling 36 / 85 The Vice President of Sales has asked the IT team to create daily backups of the sales data. The Vice President is an example of a: Data steward Data protection officer Data processor Data owner 37 / 85 An organization has traditionally purchased insurance to cover a ransomware attack, but the costs of maintaining the policy have increased above the acceptable budget. The company has now decided to cancel the insurance policies and deal with ransomware issues internally. Which of the following would best describe this actions? Risk-avoidance Acceptance Transference Mitigation 38 / 85 Which of these threat actors would be the MOST likely to deface a website to promote a political agenda? hacktivist Nation state Organized crime Competitor 39 / 85 Which of the following would be the MAIN reasons why a system administrator would use a TPM when configuring full disk encryption? (Select TWO) Stores certificates in a hardware security module Allows the encryption of multiple volumes Protects against EMI leadage Includes built-in protections against brute-force attacks Uses burned-in crypotographic keys 40 / 85 A security administrator would like to test a server to see if a specific vulnerability exits. Which of the following would be the BESt choice for this task? Autopsy Netcat FTK Imager metasploit 41 / 85 Your company owns a purpose-built appliance that does not provide any access to the operating system and doesn't provide a method to upgrade the firmware. Which of the following describes this appliance? weak configuration embedded system improper imput handling End-of-life 42 / 85 Which of the following vulnerabilities would be the MOST significant security concern when protecting against a competitor? Data center access with only one authentication method Lack of patch updates on an Internet-facing database server Spoofing of internal IP addresses when accessing an intranet server Employee VPN access uses a weak encryption cipher 43 / 85 A company has connected their wireless access points and have enable WPS. Which of the following security issues would be associated with this configuration? Brute force Cryptographic vulnerability Client hijacking Spoofing 44 / 85 A company has been informed of a hypervisor vulnerability that could allow users on one virtual machine to access resources on another virtual machine. Which of the following would BEST describe this vulnerability? Containerization VM escape Service integration SDN 45 / 85 A company has identified a compromised server, and the security team would like to know if an attacker has used this device to move between systems. Which of the following would be the BEST way to provide this information? Email header DNS server logs NetFlow Logs Penetration test 46 / 85 A recent security audit has discovered email addresses and passwords located in a packet capture. Which of the following did the audit identify? Improper patch management Insecure protocols Open ports Weak encryption 47 / 85 A transportation company is installing new wireless access points in their corporate offices. The manufacturer estimates that the access points will operate an average of 100,000 hours before a hardware-related outage. Which of the following describes this estimate? MTBF MTTR RTO RPO 48 / 85 Vala, a security analyst, has received an alert from her IPS regarding active exploits attempts from the Internet. Which of the following would provide detailed information about these exploit attempts? Netstat Wireshark Nmap Nessus 49 / 85 A company is designing an application that will have a high demand and will require significant computing resources during the summer. During the winter, there will be little to no application use and resource use should be minimal. Which of these characteristics BEST describe this application requirement? Orchestration Availability Imaging Elasticity 50 / 85 A user in the marking department is unable to connect to the wireless network. After authenticating with a username and password, the user receives this message: -- -- -- The connection attempt could not be completed. The Credentials provided by the server could not be validated. Radius Server: radius.example.com Root CA: Example.com Internal CA Root Certficate -- -- -- The AP is configured with WPA3 encryption and 802.1X authentication. Which of the following is the MOST likely reason for this login issue? The user's computer does not support WPA3 encryption the user's computer is in the VLAN The user is in a location with an insufficient wireless signal The RADIUS server is not responding The client computer does not have the proper certificate installed 51 / 85 A security administrator is viewing the logs on a laptop in the shipping and receiving department and identifies these events: 8:55:30 AM | D:\Downloads\ChangeLog-5.0.4.scr | Quarantine Success 9:22:54 AM | C:\Program Files|Photo Viewer\ViewerBase.dll | Quaratine Failure 9:44:05 AM | C:\Sales\Sample32.dat | Quaratine Success Which of the following would BEST describe the circumstances surrounding these events? The antivirus application identified three viruses and quarantined two viruses A network-based IPS has identified two known vulnerabilities The host-based firewall blacked two traffic flows A host-based whitelist has block two applications from executing 52 / 85 A hacker is planning an attack on a large corporation. Which of the following would provide the attacker with details about the company's domain names and IP addresses? Open-source intelligence (OSint) Automated indicator sharing Information sharing center Vulnerability databases 53 / 85 A transportation company has moved their reservation system to a cloud-based infrastructure. The security manager would like to monitor data transfers, identify potential threats, and ensure that all data transfers are encrypted. Which of the following would be the BEST choice for these requirements? CASB VPN NGFW DLP 54 / 85 A system administrator has protected a set of system backups with an encryption key. The system administrator used the same key when restoring files from this backup. Which of the following would BEST describe this encryption type? Key Escrow Asymmetric Symmetric Out-of-band key exchange 55 / 85 Which of the following BEST describes the modification of application source code that removes white space, shortens variable names, and rearranges the text into a compact format? Confustion Diffusion Encryption Obfuscation 56 / 85 Which of the following would be the BEST way to determine if files have been modified after the forensics data acquisition process has occurred? Use a tamper seal on all the storage devices Create a hash of the data Take screenshots of file directories with file sizes Create an image of each storage device for future comparison 57 / 85 Which of the following would be a common result of a successful vulnerability scan? The BIOS configuration of a server A copy of images files from a private file share A list of Microsoft pathes that have not been applied to a server A list of usernames and password hases from a server 58 / 85 A security manager believes that an employee is using their laptop to circumvent the corporate Internet security controls through the use of a cellular hotspot. Which of the the following could be used to validate this belief? (Select TWO) Host-based firewall logs Web application firewall events Next-generation firewall logs HIPS UTM appliance logs 59 / 85 An online retailer is planning a penetration test as part of their PCI DSS validation. A third-party organization will be performing the test, and the online retailer has provided the Internet-facing IP address for their public web servers but no other details. What penetration testing methodology is the online retailer using? Partially known environment Known environment Passive footprinting Ping scan 60 / 85 A security engineer is running a vulnerability scan on their own workstation. The scanning software is using the engineers account access to perform all scans. What type of scan is running? Agile Credentialed Unknown environment Passive 61 / 85 Sam, a security administrator, is configuring an IPsec tunnel to a remote site. Which protocol should she enable to protect all of the data traversing the VPN tunnel? SHA-2 ESP Diffie-Hellman AH 62 / 85 Which of the following applies scientific principles to provide a post-event analysis of an intrusion? MIST RMK MITRE ATT&CK framework Diamond model ISO 27701 63 / 85 A system administrator is implementing a password policy that would require letters, numbers, and special characters to be included in every password. Which of the following controls MUST be in place to enforce this password policy? complexity reuse lockout length 64 / 85 An organization has developed an in-house mobile device app for order processing. The developers would like the app to identify revoked server certificates without sending any traffic over the corporate Internet connection. Which of the following MUST be configured to allow this functionality? OCSP stapling Hierarchical CA CSR Key escrow 65 / 85 A company has signed an SLA with an Internet service provider. Which of the following would BEST describe the content of this SLA? The service provider will provide 99.999% uptime Customer application use will be busiest on the 15th of each month The customer applications use HTTPs over tcp/443 The customer will connect to partner locations over an IPsec tunnel 66 / 85 to process the company payroll, a a manger logs into a third-party browser-based application and enters the hours worked for each employee. The financial transfers and physical check mailings for all provided by the third-party company. The manager does not maintain any servers or virtual machines within his company. Which of the following would BEST describe this application model? Private PaaS IaaS SaaS 67 / 85 Which of the following would limit the type of information a company can collect from their customers? Anonymization Masking Minimization Tokenizatin 68 / 85 An application developer is creating a mobile device app that will include extensive encryption and decryption. Which of the following technologies would be the BEST choice for this app? Diffie-Hellman PGP Elliptic curve AES 69 / 85 A manager of the accounting department would like to minimize the opportunity for embezzlement and fraud from any of the current accounting teach employees. Which of these policies should the manager use to avoid these issues? Mandatory vacations Acceptable use policy Clean desk policy Background checks 70 / 85 A security administrator designing a network to be PCI DSS complaint. Which of the following would be the BEST choice to provide this compliance? Connect a UPS to all servers Implement RAID for all storage systems Perform regular audits and vulnerability scans DNS should be available on redundant servers 71 / 85 If a person is entering a data center facility, they must check-in before they are allowed to move further into the building. People who are leaving must be formally check-out before they are able to exit the building. Which of the following would BEST facilitate this process? Faraday cage Protected distribution Access control vestibule Air gap 72 / 85 Which of the following would be the BEST way to protect credit card account information when performing real-time purchase authorizations? Tokenization masking DLP NGFW 73 / 85 A security administrator has discovered that an employee has been exfiltrating confidential company information by embedding the data within image files and emailing the images to a third-party. Which of the following would best describe this activity? Perfect forward secrecy Stegtanogrphy Digital signatures Block cipher 74 / 85 A company would like to automate their response when a virus is detected on company devices. Which of the following would be the BEST way to implement this function? SOAR IaaS Active footprinting Vulnerability scan 75 / 85 While working from home, users are attending a project meeting over a web conference. When typing in the meeting link, the browser is unexpectedly directed to a different website than the web conference. Users in the office do not have any issues accessing the conference site. Which of the following would be the MOST likely reason for this issue? DDoS DNS poisoning Wireless disassociation Bluejacking 76 / 85 Cameron, a security administrator, is reviewing a report that shows a number of devices on internal networks attempting to connect with servers in that data center network. Which of the following security controls should Cameron add to prevent internal systems from accessing data center devices? ACL NAT IPS VPN 77 / 85 Which of the following would be considered multi-factor authentication? Face scan and voiceprint Username, passwrod, and email address PIN and fingerprint SUB token and smart card 78 / 85 A security administrator has created a new policy that prohibits the use of MD5 hashes due to collision problem. Which of the following describes the reason for this new policy? Two different messages share the same hash Two identical messages have the same hash Two different messages have different hashes The orginial message can be derived from the hash 79 / 85 A technician at an MSP has been asked to manage devices on ;third-party private network. The technician needs command line access to internal routers, switches, and firewalls. Which of the following would provide the necessary access? Jump server HSM NAC Air gap 80 / 85 A security administrator has been asked to create a policy that would prevent access to a secure area of the network. All users who are not physically located in the corporate headquarters building would be prevented from accessing this area. Which of these should the administrator use? VPN Geofencing WAF Proxy 81 / 85 Last month, a finance company disposed of seven-year old printed customer account summaries that were no longer required for auditing purposes. A recent onlince search has now found that images of these documents are available as downloadable torrents. Which of the following would MOST likely has prevented this information breach? NDA Degaussing Pulping Fenced garbage disposal areas 82 / 85 Which of the following control types is assocated with a bollard? physical compensating detective corrective 83 / 85 A security administrator is updating the network infrastructure to support 802.1X authentication. Which of the following would be the BEST choice for this configuration? SNMPv3 MS-CHAP HTTPS LDAP 84 / 85 A transportation company headquarters is located in an area with frequent power surges and outages. The security administrator is concerned about the potential for downtime and hardware failures. Which of the following would provide the most protection against these issues? Select TWO. Dual power supplies NIC teaming Load balancing Incremental backups Port aggregation UPS 85 / 85 A virus scanner has identified a macro virus in a word processing file attached to an email. Which of the following information could be obtained from the metadta of this file? Operting system version Date and time when the file was created IPS signature name and number Alert disposition Your score is LinkedIn Facebook Twitter VKontakte